if you want the firewall to cache the resolved domain names. This setting is enabled by default.
Enter the Domain Name to which the firewall compares FQDN queries. If a query matches one of the domains in the rule, the query is sent to one of the DNS servers you specify.
Enter a Primary and Secondary DNS server for this specific DNS proxy rule. If no primary or secondary DNS servers are specified, then the domain is sent to the DNS servers you specified in the previous step.

(Optional) Configure Static Entries.
Configure a static entry to supply the DNS Proxy with static FQDN-to-address entries. This allows the firewall to resolve the FQDN to an IP address without sending a query to the DNS server.
Add a static entry.
Enter a Name for the static entry.
Enter the IP Address you want to statically map to an FQDN.
Enter the Fully Qualified Domain Name that you want to map the static IP address to.

Enable caching and configure other Advanced settings for the DNS Proxy.
For TCP Queries, Enable to enable DNS queries using TCP.
Max Pending Requests—Enter the maximum number of concurrent, pending TCP DNS requests that the firewall will support. Range is 64-256; default is 64. This setting applies only if TCP Queries is enabled.
Configure the UDP Queries Retries.
Interval (sec)—The length of time (in seconds) after which another request is sent if no response has been received. Range is 1-30; default is 2.
Attempts—The maximum number of UDP query attempts, excluding the first attempt, after which the next DNS server is queried. Range is 1-30; default is 5.
Configure the Cache settings to enable the firewall to cache FQDN-to-address mappings that it learns.
Enable the Cache setting. To enable this setting, you must also enable Cache for your DNS Proxy Rules if the DNS Proxy object is used for queries that the firewall generates.
Enable TTL to limit the length of time the firewall caches DNS resolution entries for the DNS Proxy object.
Enter the Interval to specify the number of seconds after which all cached entries for the DNS Proxy object are removed. After the entries are removed, new DNS requests must be resolved and cached again.
Cache EDNS Responses—You must enable this setting if the DNS Proxy object is used for queries that the firewall generates.
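
The settings above can be reviewed offline before they are committed. The following is an added example, not part of the original documentation and not vendor code: it audits one DNS Proxy object against the ranges and cache dependencies stated in the steps, and shows which server a given query would be sent to. All dictionary keys and the sample values are hypothetical; exact, case-insensitive domain matching, static entries being checked first, and one interval of waiting per UDP attempt are assumptions.

```python
# Added example; every key name below is hypothetical, not an export format.
RANGES = {"tcp_max_pending": (64, 256),   # ranges quoted in the steps above
          "udp_interval_sec": (1, 30), "udp_attempts": (1, 30)}

def audit(proxy):
    """Return a list of findings for one DNS Proxy object."""
    findings = []
    for key, (low, high) in RANGES.items():
        if key == "tcp_max_pending" and not proxy.get("tcp_queries"):
            continue  # Max Pending Requests applies only if TCP Queries is enabled
        value = proxy.get(key)
        if value is None or not low <= value <= high:
            findings.append(f"{key}={value} outside {low}-{high}")
    if proxy.get("used_for_firewall_queries"):
        if proxy.get("cache") and not all(r.get("cache") for r in proxy["rules"]):
            findings.append("Cache enabled but a DNS Proxy Rule has Cache disabled")
        if not proxy.get("cache_edns"):
            findings.append("Cache EDNS Responses must be enabled")
    return findings

def route(fqdn, proxy):
    """Return (source, targets): where the answer for fqdn comes from."""
    name = fqdn.rstrip(".").lower()
    for entry in proxy.get("static_entries", []):
        if entry["fqdn"].lower() == name:
            return "static", [entry["address"]]  # no query leaves the firewall
    for rule in proxy["rules"]:
        if name in (d.lower() for d in rule["domains"]):  # assumption: exact match
            servers = [s for s in (rule.get("primary"), rule.get("secondary")) if s]
            # A rule with no servers falls back to the proxy-wide servers.
            return ("rule", servers) if servers else ("default", proxy["default_servers"])
    return "default", proxy["default_servers"]

def udp_wait_before_failover(proxy):
    """Assumed seconds spent on one server: first attempt plus the retries."""
    return proxy["udp_interval_sec"] * (1 + proxy["udp_attempts"])

SAMPLE = {  # constructed sample, documentation address ranges only
    "default_servers": ["192.0.2.53", "192.0.2.54"],
    "rules": [
        {"domains": ["intranet.example.com"], "primary": "198.51.100.53",
         "secondary": None, "cache": True},
        {"domains": ["partner.example.net"], "primary": None,
         "secondary": None, "cache": False},
    ],
    "static_entries": [{"name": "fileserver", "fqdn": "files.example.com",
                        "address": "203.0.113.20"}],
    "tcp_queries": True, "tcp_max_pending": 64,
    "udp_interval_sec": 2, "udp_attempts": 5,
    "cache": True, "cache_edns": False, "used_for_firewall_queries": True,
}
```

Running `route` over a list of internal names shows which of them would reach the proxy-wide servers instead of a rule-specific resolver.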